Assessing the trustworthiness of cryptographic material provided by network services at the point of connection establishment or attached to executable code in the form of digital signatures is a difficult problem. Many solutions limit the validation to a key material's properties, attached metadata, and associated trust-relationships. In addition, whenever possible and applicable, the latest available validity status of an involved key is retrieved from a designated repository. Even then, dangers exist such as delay in updating the validity status of the key material, the lack of network connectivity to allow the retrieval of latest available validity status and so forth. This can result in a system trusting invalid or otherwise compromised cryptographic key material.